NDAA pushes more oversight of cyber

By Lauren C. Williams

Nov 13, 2017

The National Defense Authorization Act appears to be in the home stretch. The conferenced House-Senate compromise has will force the military's cyber leaders to define offensive strategies, develop and manage cyber weapons and lay a foundation for a stronger cyber workforce.

But the main thrust of the bill, which many are hoping will pass in December, is increased Congressional oversight over cyber operations to address a growing sentiment that defense committees are not involved enough in cyber-related decision-making.

Here are some of the major cyber provisions for fiscal year 2018:

Planning for an end to a dual-hat cyber commander era. The bill requires DOD leadership submit a report by May 1, 2018 on the operational and budgetary impact of making Cyber Command’s commander a standalone position. The position is currently held by NSA Director Adm. Mike Rogers.

Kaspersky ban. Kaspersky Lab products, or those from any successor, are blacklisted from use anywhere in DOD. The ban includes products from companies in which Kaspersky has a majority ownership and is effective October 1, 2018. The Department of Homeland Security banned government agencies from using Kaspersky products earlier this year.

Cyber posture review. Secretary of Defense must carry out a five-year comprehensive review of cyber policy and strategy regarding cyber deterrence that begins five years after the bill is enacted. The Senate’s cyberwarfare doctrine was dropped from the final version of the bill.

Cyberwar according to Trump. The bill tasks the president with developing national policies for cyberspace, cyberwarfare, and cybersecurity outlining what capabilities are available to deter or respond to cyberattacks.

Bolstering oversight of cyber weapons and operations. Congress is mandating the Defense Department alert Congress 14 days prior to adopting any written changes to cyber weapons and operations. Additionally, the DOD must issue quarterly reviews of cyber capabilities. If such information is leaked Congress requests to be immediately notified.

New stipulations in cyber scholarship program. The NDAA bill stipulates that at least 5 percent of funds allotted for the program is earmarked for associate degree programs accredited by the Center of Academic Excellence in Cyber Education, which is designated by the NSA director.

Cyber scholarship-for-service pilot program updates. The National Science Foundation and Office of Personnel Management are tapped to launch a pilot scholarship program involving five to 10 community colleges. The goal is to place at least 80 percent of those in executive agencies. Eligible students must be veterans pursuing associates degrees or certifications in cybersecurity. The bill also sets aside funds to boost cyber education in K-12.

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at lwilliams@fcw.com, or follow her on Twitter @lalaurenista.